Black hole 80/443 in firewall.nix CJ

This commit is contained in:
Jacob Hinkle 2023-06-13 07:06:44 -04:00
parent d436285423
commit b7c65ba37d


@ -7,13 +7,20 @@
#8123 # home-assistant #8123 # home-assistant
#3000 # gitea #3000 # gitea
8081 # vaultwarden 8081 # vaultwarden
80 443 # reverse proxy # If we are reverse proxying we should map to a different port than 443 or
# 80. Here we blackhole those ports so that pihole will be more efficient.
# When pihole "blocks" a site, depending on configuration what it may really
# does is returns its own IP, so the client then requests the content from
# this node at whichever port it needs. That is usually 80 or 443 for http
# and https, so it's better to block these fast than to pass all that
# traffic to some actual service.
#80 443 # reverse proxy
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
22000 21027 # syncthing 22000 21027 # syncthing
3478 5514 10001 1900 123 # unifi 3478 5514 10001 1900 123 # unifi
53 # pihole 53 # pihole
80 443 # reverse proxy #80 443 # reverse proxy
]; ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 5656; to = 5699; } # unifi { from = 5656; to = 5699; } # unifi
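Review bot: The new comment at the head of the TCP list says these ports are blocked "fast", but commenting 80 and 443 out of allowedTCPPorts only stops the firewall from accepting them; with the NixOS default `networking.firewall.rejectPackets = false` the connection attempts are silently dropped, so a client that pihole has pointed at this host waits out its TCP connect timeout rather than getting an immediate refusal. If a quick failure on the client side is the intent, set `networking.firewall.rejectPackets = true;` (the firewall then sends a reject instead of dropping) and mention it in the comment; if a genuine black hole is intended, I'd make the trade-off explicit with `# Dropped, not rejected: clients hang until they time out, which is acceptable here.` The comment also says a reverse proxy "should map to a different port than 443 or 80" without pointing to where that port is configured, and a reference to that file or option would help the next reader; the UDP list further down is changed in the same way and needs no separate note. The allowedTCPPorts list this hunk edits opens above the hunk.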